Can the Windows XP firewall be 'breached'?

Ken90630

I've been wondering about something for a while and thought I'd get you guys' expert opinions:

Let's say a person is running Windows XP and connecting to the Web via DSL or cable. Is the 'stock' Windows firewall good enough to keep the bad guys out? I'm thinking mainly of a cracker trying to get into someone's machine via a stateful packet of malware or whatever these cretins use these days to get in.

Reason I ask is that I often see people say that it's best to be behind a router or hardware firewall if a person is gonna be using DSL or cable. But if for some reason a person just wants to use the Windows XP firewall by itself, is that gonna be adequate? Or can a powerful-enough attack actually breach the XP firewall?

I have a friend who's upgrading from dial-up to DSL, but she's really not savvy enough to manage a software firewall like Zone Alarm or similar. All the "such & such program is trying to access the Internet -- do you want to allow it?" alerts would be over her head. But she can handle the XP firewall because it doesn't provide for monitoring/permissions of programs trying to access the Web.

For discussion purposes here, I'm mainly concerned with the XP firewall's ability to keep uninvited malware out. I realize it won't help if she lets malware in via an e-mail attachment and it sets up shop to "phone home" or whatever. Whaddya guys think?
 

BladeVenom

It's good enough for home use. Although there are so many ways for your machine to get something on it that a firewall can't be expected to stop that I prefer a firewall that can keep things from getting out.
 

nweaver

A $20 router that does NAT (not even SPI) is the best bang for buck for home-level broadband security, IMHO.

That and non-admin accounts.
 

Ken90630

Thanks for the feedback.

Okay, so next question: Without giving any ideas to any crackers who might be reading this :evil:, how would the Windows XP firewall get breached? It's supposed to reject any outside communication attempts that aren't initiated by the user, so theoretically it should thwart port scans, stateful packets, etc., right? Or do the bad guys have ways around that?
 

John

Originally posted by: Ken90630
For discussion purposes here, I'm mainly concerned with the XP firewall's ability to keep uninvited malware out.

Routers and other software firewalls won't keep malware out of the system. Most malware is installed thru ActiveX controls, rogue popups, and is piggy-backed with apps like P2P (Kazaa, Morpheus, Bear Share, etc). In some cases you'll pick up a trojan in your browser cache and it will download malware.

A firewall is supposed to prevent outsiders from accessing your network. It can further protect your systems by restricting the surfing activities of those on your network so that you aren't exposed to harmful code that they may pick up when visiting non-trusted sites. A firewall examines each packet of data sent to your computer or network and decides, based on pre-determined parameters, whether or not to let it through. It also can block attempts by unknown programs that may find their way onto your system from phoning home.

One of the best ways to fight malware is to put a user on a limited account.
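
A toy model of the behaviour discussed in this thread, added here as an illustration; it is not part of any poster's reply and is not Windows code. It assumes a firewall that tracks connections the PC starts, drops unsolicited inbound packets, and does not inspect outbound traffic; the class name, packet fields and addresses are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = leaving the PC, "in" = arriving from the Internet
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass
class InboundOnlyFirewall:
    """Hypothetical model: stateful inbound filtering, no outbound filtering."""
    exceptions: set = field(default_factory=set)  # local ports the user opened
    flows: set = field(default_factory=set)       # connections the PC started

    def decide(self, p: Packet) -> str:
        key = (p.local_port, p.remote_ip, p.remote_port)
        if p.direction == "out":
            self.flows.add(key)   # remember the flow so its replies can return
            return "allow"        # outbound traffic is never inspected
        if key in self.flows:
            return "allow"        # reply to traffic the PC initiated
        if p.local_port in self.exceptions:
            return "allow"        # user-configured exception
        return "drop"             # unsolicited inbound


def run_demo():
    fw = InboundOnlyFirewall()
    traffic = [  # constructed sample traffic using documentation addresses
        ("browser request", Packet("out", 1050, "198.51.100.10", 80)),
        ("web server reply", Packet("in", 1050, "198.51.100.10", 80)),
        ("unsolicited probe", Packet("in", 445, "203.0.113.7", 40000)),
        ("reply from wrong host", Packet("in", 1050, "203.0.113.7", 80)),
        ("program phoning home", Packet("out", 1051, "203.0.113.7", 443)),
    ]
    return [(label, fw.decide(p)) for label, p in traffic]


if __name__ == "__main__":
    for label, verdict in run_demo():
        print(f"{verdict:5}  {label}")
```

The last row is the case raised in the thread: anything already running on the PC can connect outward, because this kind of firewall only judges what arrives.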
 

TheRyuu

I don't even use the Windows XP firewall for one of several reasons.

First, I have a router (WRT54GL) with DD-WRT, so that's basically my firewall.
Second, I use Firefox with Adblock Plus to prevent a lot of bad junk from even appearing.
Third, I use Spybot/Ad-aware/Windows Defender a few times a month and that'll catch whatever has gotten through the net of security.
Also I use Anti-Vir as an Anti-Virus.

Everything is free except for the router, which is a good investment (it's even a better one if you can flash it with a Linux firmware).

The best and easiest thing to do is to run a limited account (I don't :p) but it prevents anything from being installed on your computer.
 

Ken90630

Originally posted by: John
Routers and other software firewalls won't keep malware out of the system. Most malware is installed thru ActiveX controls, rogue popups, and is piggy-backed with apps like P2P (Kazaa, Morpheus, Bear Share, etc). In some cases you'll pick up a trojan in your browser cache and it will download malware.

Thanks, John. Re what you wrote above, let's say the user is a very 'low-risk' Web surfer. By that I mean she only visits reputable, legit sites (Amazon.com and sites like that) and doesn't use P2P sites at all. Can we assume that all Active X controls, pop-ups & the like from legit sites will always be free from malware-infected Active X controls or pop-ups? I assume that the site's architect has to knowingly allow the malware into its Active X controls or banner ads, right?

Originally posted by: John
One of the best ways to fight malware is to put a user on a limited account.

Yeah, I agree. The only prob with my friend, however, is that she has her Windows Updates configured to be installed automatically. As I understand it, a Limited Account will prevent Windows Updates from being installed, right? And the same would go for anti-virus and anti-spyware program updates (new signatures). So she'd have to temporarily switch over to an Administrator account whenever she needs to get updates, right?